Access

CTX-Blog

powered by Ecki's Place

December 9, 2007

Update: PNAgent Filter for Web Interface 4.6

Not long ago, i had to implement the PNAgent Filter for Web Interface 4.6. It turned out, that the code itself of the modification didn’t need any changes from WI 4.5 to WI 4.6. To allow for an easy implementation, i nevertheless created an updated archive of the modification and updated the files for WI 4.6. Therefore all it needs is to replace one file, without the hassle to copy and paste code blocks to the right locations.

Download FilterApps4.6

This modification gives an administrator the power to hide Published Applications from the user. The only thing he has to do is adding a “#” sign in front of the application description. Very handy, if you use PNAgent to populate the Desktop and Start Menu and do not want the published Desktop to appear in the context menu of the PNAgent in the taskbar.

See also: PNAgent Filter for Web Interface 4.5

Regards
Ecki

September 17, 2007

Access Gateway hotfix 4.5.5 Rev. B

After the summer holidays and several very busy weeks, i have found the time again to carry on with these pages 🙂

Citrix released Revision B of the Access Gateway HotFix 4.5.5 today, which eliminates a couple of bugs. After the update to version 4.5.5 some CAG Standard installations experienced a freeze every 10 to 20 minutes or even worse 2 to 3 crashes/reboots a day. The “reason” for this behavior was the configuration of more than one STA on the CAG Standard. After the update to Rev. B this bug should be eliminated.

Additional fixes for the SAC roll out and the EPA download are included. Furthermore the SAC should close now more reliably in AAC deployments. The full list of fixes and the download can be found here.

Regards
Ecki

July 21, 2007

Web Interface 4.6 for Windows available

Yesterday Citrix released the new Web Interface 4.6 for Windows. This version is mandatory for several new features and enhancements introduced with the Rollup Pack 01 for Presentation Server 4.5.

Before installing Web Interface 4.6 you have to update your AMC (Access Management Console for Presentation Server 4.5) first. The new console snap-ins must be present before the new features can be installed successfully. The new AMC can be downloded here.

The download of Web Interface 4.6 and aditional informations can be found here.

Regards
Ecki

July 21, 2007

First Hotfix Rollup Pack for Presentation Server 4.5 available

On July 19th Citrix released the first Hotfix Rollup Pack for Citrix Presentation Server 4.5. This update comprises a couple of new features and options. Beside others, the main improvements are IMHO the following issues:

  • Microsoft Windows Vista/Office 2007 Compatibility Updates
  • Enhanced (16-, 32-, and 48-bit) Icon Support
  • Microsoft Office Live Preview Support

To get the fulll benefit of these compatibilityupdates, you must also deploy Version 10.100 or later of the Presentation ServerClient.

The download and aditional informations can be found here.

Regards
Ecki

July 21, 2007

AAC 4.5 update available

July 20.: Citrix yesterday released the Hotfix AAC450W001 for Citrix Access Gateway Advanced. This update comprises a couple of new features and options. Beside others, the main improvements are IMHO the following issues:

  • WANScaler integration (protocol and TCP optimizations through the SSL VPN client)
  • Support for Web-enabled Mobile Devices

Since a couple of security updates are comprised in this Package, administrators shouldn’t wait with installing this update.

The download and aditional informations can be found here.

Regards
Ecki

July 18, 2007

CAG 4.5.5 Update available

July 18.: Citrix released a Hotfix for Citrix Access Gateway. This hotfix is applicable to the Model 2000 and the Model 2010 appliance that supports the Access Gateway Standard Edition, Version 4.5 and Access Gateway Advanced Edition, Version 4.5. This update comprises a couple of new features and options. Beside others, the main improvements are IMHO the following issues:

  • Caching of one time passwords can now be disabled
  • WANScaler integration (protocol and TCP optimizations through the SSL VPN client)
  • Vista client support

Since a couple of security updates are comprised in this Package, administrators shouldn’t wait with installing this update.

The download and aditional informations can be found here.

Regards
Ecki

June 15, 2007

Truths and Myths of Presentation Server and WAN Optimization

Discussions about optimizing WAN links are on the rise, as a result of an increasing tendency to consolidate server and data centers. Most of the big players in networking business like Cisco, F5, Packeteer, Riverbed and since a couple of months Citrix with his WANScaler (former Orbital Data), just to name a few, are very active in this field. The focus however is usually in accelerating file and print services (SMB/CIFS), as well as frequently used protocols like HTTP, FTP and MAPI (Outlook/Exchange).

Not only since the acquisition of Orbital Data by Citrix in Oktober 2006 more and more people are asking if and how ICA can be optimized. Be it that high latency on satellite links, or GPRS/UMTS slows down screen refreshes to an unacceptable rate, or that one big print job bars a whole site from working, people ask for help more and more. Citrix with their WANScaler raised the expectations in many companies and won’t get tired of deliver their message “we overcome latency” and “latency doesn’t matter anymore”.

As a Riverbed partner in Switzerland i know the technologies and dependencies pretty good and also know about the problems in WAN environments. Therefore i couldn’t believe all those announcements and always tried to scale down the expectations of my customers. My own tests with WANScaler and Riverbed appliances showed no noticeable improvement in this area. I will post a comparison between these two products on this blog shortly. Citrix was only able to provide me with a WANScaler with the unofficial (Citrix)release 3.1.8, which is more or less a rebranded Orbital Date release. I couldn’t get my hands on the actual version 4.1 which is supposed to be the first “real” Citrix version of WANScaler, regardless how much i asked and begged. As soon as i have a chance to test the new release i will post the results here. But now back to the main topic…

Now Citrix consulting finaly released a paper, in which they analyze and describe the possibilities and especially the limits when trying to optimize ICA. I can really recommend this paper for everyone who is awaiting the visit of any kind of “WAN optimizer” for preparation. All other Citrix administrators are encouraged to read this paper too, because this topic will become important sooner or later – and then you will be prepared.

Truths and Myths of Presentation Server and WAN Optimization

Regards
Ecki

May 25, 2007

Vulnerability in Citrix Session Reliability service, CTX112964

A security flaw in the Citrix Presentation Server Session Reliability service has been found recently. The Session Reliability service is used by some Citrix products to improve user experience when connecting over unreliable networks. By sending a specifically crafted request to this service, an attacker could establish a TCP connection to any port on the local machine. This could be used by the attacker to bypass network security policies and remotely access local ports on the target machine.

This vulnerability is present in the following versions of Citrix products:

  • Citrix MetaFrame Presentation Server 3.0
  • Citrix MetaFrame Presentation Server 4.0
  • Citrix Access Essentials 1.0
  • Citrix Access Essentials 1.5

No other versions of Citrix Presentation Server, Citrix Access Essentials or Citrix Desktop Server are affected by this issue.

Customers running an affected product with the Session Reliability feature disabled are not affected by this issue.

Downloads for all languages are available here (CTX112964).

Regards
Ecki

April 27, 2007

Dynamic USB Utility for the 32-bit Windows Presentation Server Client

Citrix Advanced Products Group investigates emerging technologies relevant to the Citrix business mission, and creates research, prototypes and first release versions of products addressing these technologies. As part of this effort, the Advanced Products Group periodically releases technical preview versions of products to the Citrix community to encourage feedback.

Overview
DynamicUSB allows you to access a USB drive in a Presentation Server session in situations where the device is connected to a client system after the Presentation Server session is established.

The utility creates a directory under C:\CitrixUSBStore in the client file system for each USB drive that is inserted into the client device. This linked directory reflects the contents of the USB drive; thus, all directories and files in the USB drive appear as directories and files under the linked directory. If the USB key is subsequently removed, the utility deletes the corresponding link directory.

The user can access the linked directory from a Presentation Server session using client drive mapping functionality.

Prerequisites
This utility is designed to work only on client systems that support the New Technology File System (NTFS). A Windows XP or later variant of the client operating system is a prerequisite.

Installing DynamicUSB
There is no specific installer for this utility. Extract the executable DynamicUSB.EXE and proceed to use it as described below.

How to Use DynamicUSB

1. Run DynamicUSB.EXE on the client workstation. It creates a system tray icon.

2. Plug in a USB key. DynamicUSB creates a directory called C:\CitrixUSBStore\Drive_X where:

  • X: is the USB drive letter assigned to the USB key by the client operating system
  • Drive_X is a link to X:\

3. When you unplug the USB key, the utility deletes the directory Drive_X.

You can observe directory Drive_X being dynamically created or destroyed in the Presentation Server session as you plug or unplug your USB key.

Modify the Default Root Directory for Linked Directories
To modify the default directory in which linked directories are created (C:\CitrixUSBStore), launch DynamicUSB with the following command line:

DynamicUSB FullPathoftheDesiredRootDirectory

If FullPathoftheDesiredRootDirectory has spaces, enclose it with double quotation marks as shown below:

DynamicUSB “FullPathoftheDesiredRootDirectory”

You can download the tool here.

Regards
Ecki

April 20, 2007

Citrix Access Gateway v4.5.2 released

April 18. Citrix released Citrix Access Gateway (Standard and Advanced) v4.5.2. This update comprises a couple of interesting fixes. Beside others, the main improvements are IMHO the fixes of the following issues:

  • When the Secure Access Client is started from the desktop icon, the taskbar button displays “Shutting Down,” and the portal page is not displayed for a significant amount of time
  • Downloading files larger than 512 megabytes through the Access Gateway fail
  • When users attempt to log on using the Endpoint Analysis Client, they cannot log on if the Web site is not trusted
  • The Access Gateway fails when an invalid certificate is installed using the Administration Portal

A complete list of fixes and the download can be found here.

Regards
Ecki